glowbase/regextract
regextract

Extract key values from registry hives to base line machines during a static forensic investigation.

Currently, the script pulls the following information:

  • Operating System (Build, Version, Edition, etc.)
  • Computer Name
  • Time Zone (Bias, Time Zone, etc.)
  • Network (Interfaces, IP Addresses, DHCP, etc.)

Use

Ensure all registry hives are retrieved from the forensic image using a tool such as FTK Imager and placed into the hives/ directory. Then execute the script shown below:

python3 reg.py

Once executed, you should see an output.xlsx spreadsheet containing the information pulled from the registry hives provided. Currently, the information is separated into different sheets for ease of use.
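The items listed above live at well-known hive locations, and a few of them need decoding before they are useful as a baseline. The following is an added example, not regextract's own code: it names those locations, decodes the values that trip people up (the active ControlSet, the signed time-zone Bias, DHCP versus static interface addresses), and keeps hive reading behind one function that assumes the python-registry package is installed and hives sit in hives/ as described above.

```python
"""Added example (not regextract's own code): well-known registry locations
behind the items listed above and the value decoding they need. Hive reading
is isolated in load_hive_values() so the decoding runs on constructed values."""
import struct

# HKLM\SOFTWARE: OS build, version and edition (ProductName, CurrentBuild, EditionID).
SOFTWARE_OS_KEY = r"Microsoft\Windows NT\CurrentVersion"
# HKLM\SYSTEM: relative to the active ControlSet, resolved from Select\Current.
SYSTEM_KEYS = {
    "computer_name": r"Control\ComputerName\ComputerName",
    "time_zone": r"Control\TimeZoneInformation",
    "interfaces": r"Services\Tcpip\Parameters\Interfaces",
}

def control_set_path(select_current: int) -> str:
    """Map the Select\\Current DWORD (e.g. 1) to 'ControlSet001'."""
    if not 1 <= select_current <= 999:
        raise ValueError(f"implausible Select\\Current value {select_current}")
    return f"ControlSet{select_current:03d}"

def signed_dword(raw: int) -> int:
    """DWORDs come back unsigned; Bias for UTC+N zones is really negative."""
    return struct.unpack("<i", struct.pack("<I", raw & 0xFFFFFFFF))[0]

def utc_offset_hours(bias_raw: int) -> float:
    """TimeZoneInformation\\Bias is (UTC - local) in minutes, so negate it."""
    return -signed_dword(bias_raw) / 60

def summarise_interface(values: dict) -> dict:
    """Normalise one Interfaces\\{GUID} key: DHCP and static use different values."""
    dhcp = bool(values.get("EnableDHCP", 0))
    ips = values.get("DhcpIPAddress") if dhcp else values.get("IPAddress")
    if isinstance(ips, str):  # REG_SZ (DhcpIPAddress) vs REG_MULTI_SZ (IPAddress)
        ips = [ips]
    return {"dhcp": dhcp, "ip_addresses": [ip for ip in (ips or []) if ip]}

def load_hive_values(hive_path: str, key_path: str) -> dict:
    """Read every value under one key using python-registry (assumed installed)."""
    from Registry import Registry  # assumption: pip install python-registry
    key = Registry.Registry(hive_path).open(key_path)
    return {v.name(): v.value() for v in key.values()}

# Constructed sample of a DHCP interface key, shaped as the hive presents it.
SAMPLE_DHCP_INTERFACE = {"EnableDHCP": 1, "IPAddress": ["0.0.0.0"],
                         "DhcpIPAddress": "192.0.2.10"}

if __name__ == "__main__":
    print(control_set_path(1), utc_offset_hours(0xFFFFFDA8))  # ControlSet001 10.0
    print(summarise_interface(SAMPLE_DHCP_INTERFACE))
```

With real hives, `load_hive_values("hives/SYSTEM", "Select")["Current"]` gives the value to pass to control_set_path, and the SYSTEM_KEYS paths are appended to the result.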
